Dating myspace comments
Here’s the current email address “[email protected]”. Let’s go back to the account recovery form and fill in a fake email address “[email protected]”. it turns out some of those fields aren’t required at all. Myspace only validates name, username and date of birth.
The full name and the username of the account holder can be found from a simple google.
Myspace may no longer be relevant as a social media site, but its treatment of security is as relevant as ever. Try to imagine a time when Facebook and Twitter weren’t the top social media websites in use.
To understand how Myspace got to this state, let’s start at the beginning. Go back a bit further, way back and you’ll arrive in a year called 2006. The world had begun to move on, everyone was emigrating to the new platform called Facebook. It emerged that Myspace had (historically none the less) suffered one of the largest breaches in history.
All fields marked with an “*” are required fields, aren’t they?
Let’s see if Myspace validates the existing email address associated with the account.
After all Myspace takes security very seriously, right?
This vulnerability allows anyone access to any Myspace account, with only three pieces of information.
If you can’t remember all account details the first step is to go through the account recovery that I went through above.
After that, select account settings: You’ll find the delete account option below: For a video demonstrating just how easy this is: So how seriously does Myspace take security? I sent an email to Myspace in April documenting this vulnerability and received nothing more than an automated response.
Myspace assured us that they take security seriously “We have several dedicated teams working diligently to ensure that the information our members entrust to Myspace remains secure.” But wait, there’s more!
Myspace told us “We are currently utilizing advanced protocols including double salted hashes” Double salted hashes sound great, right?